| |
| |
List of Figures | |
| |
| |
List of Tables | |
| |
| |
Foreword | |
| |
| |
Acknowledgments | |
| |
| |
About the Author | |
| |
| |
| |
Introduction | |
| |
| |
Introduction to the Second Edition | |
| |
| |
Who Should Read This Book? | |
| |
| |
How This Book Is Organized | |
| |
| |
What Are You Protecting? | |
| |
| |
Who Are Your Enemies? | |
| |
| |
What They Hope to Accomplish | |
| |
| |
Costs: Protection versus Break-Ins | |
| |
| |
Protecting Hardware | |
| |
| |
Protecting Network and Modem Access | |
| |
| |
Protecting System Access | |
| |
| |
Protecting Files | |
| |
| |
Preparing for and Detecting an Intrusion | |
| |
| |
Recovering from an Intrusion | |
| |
| |
| |
Securing Your System | |
| |
| |
| |
Quick Fixes for Common Problems | |
| |
| |
Understanding Linux Security | |
| |
| |
The Seven Most Deadly Sins | |
| |
| |
Passwords: A Key Point for Good Security | |
| |
| |
Advanced Password Techniques | |
| |
| |
Protecting the System from User Mistakes | |
| |
| |
Forgiveness Is Better than Permission | |
| |
| |
Dangers and Countermeasures During Initial System Setup | |
| |
| |
Limiting Unreasonable Access | |
| |
| |
Firewalls and the Corporate Moat | |
| |
| |
Turn Off Unneeded Services | |
| |
| |
High Security Requires Minimum Services | |
| |
| |
Replace These Weak Doors with Brick | |
| |
| |
New Lamps for Old | |
| |
| |
United We Fall, Divided We Stand | |
| |
| |
| |
Quick and Easy Hacking and How to Avoid It | |
| |
| |
X Marks the Hole | |
| |
| |
Law of the Jungle-Physical Security | |
| |
| |
Physical Actions | |
| |
| |
Selected Short Subjects | |
| |
| |
Terminal Device Attacks | |
| |
| |
Disk Sniffing | |
| |
| |
| |
Common Hacking by Subsystem | |
| |
| |
NFS, mountd, and portmap | |
| |
| |
Sendmail | |
| |
| |
Telnet | |
| |
| |
FTP. The rsh, rcp, rexec, and rlogin Services | |
| |
| |
DNS (named, a.k.a BIND) | |
| |
| |
POP and IMAP Servers | |
| |
| |
Doing the Samba | |
| |
| |
Stop Squid from Inking Out Their Trail | |
| |
| |
The syslogd Service | |
| |
| |
The print Service (lpd) | |
| |
| |
The ident Service | |
| |
| |
INND and News | |
| |
| |
Protecting Your DNS Registration | |
| |
| |
| |
Common Hacker Attacks | |
| |
| |
Rootkit Attacks (Script Kiddies) | |
| |
| |
Packet Spoofing Explained | |
| |
| |
SYN Flood Attack Explained | |
| |
| |
Defeating SYN Flood Attacks | |
| |
| |
Defeating TCP Sequence Spoofing | |
| |
| |
Packet Storms, Smurf Attacks, and Fraggles | |
| |
| |
Buffer Overflows or Stamping on Memory with gets() | |
| |
| |
Spoofing Techniques | |
| |
| |
Man-in-the-Middle Attack | |
| |
| |
| |
Advanced Security Issues | |
| |
| |
Configuring Netscape for Higher Security | |
| |
| |
Stopping Access to I/O Devices | |
| |
| |
Scouting Out Apache (httpd) Problems | |
| |
| |
Special Techniques for Web Servers | |
| |
| |
One-Way Credit Card Data Path for Top Security | |
| |
| |
Hardening for Very High Security | |
| |
| |
Restricting Login Location and Times | |
| |
| |
Obscure but Deadly Problems | |
| |
| |
Defeating Login Simulators | |
| |
| |
Stopping Buffer Overflows with Libsafe | |
| |
| |
| |
Establishing Security Policies | |
| |
| |
General Policy | |
| |
| |
Personal Use Policy | |
| |
| |
Accounts Policy | |
| |
| |
E-Mail Policy | |
| |
| |
Instant Messenger (IM) Policy | |
| |
| |
Web Server Policy | |
| |
| |
File Server and Database Policy | |
| |
| |
Firewall Policy | |
| |
| |
Desktop Policy | |
| |
| |
Laptop Policy | |
| |
| |
Disposal Policy | |
| |
| |
Network Topology Policy | |
| |
| |
Problem Reporting Policy | |
| |
| |
Ownership Policy | |
| |
| |
Policy Policy | |
| |
| |
| |
Trusting Other Computers | |
| |
| |
Secure Systems and Insecure Systems | |
| |
| |
Trust No One-The Highest Security | |
| |
| |
Linux and UNIX Systems Within Your Control | |
| |
| |
Mainframes Within Your Control | |
| |
| |
A Window Is Worth a Thousand Cannons | |
| |
| |
Firewall Vulnerabilities | |
| |
| |
Virtual Private Networks | |
| |
| |
Viruses and Linux | |
| |
| |
| |
Gutsy Break-Ins | |
| |
| |
Mission Impossible Techniques Spies | |
| |
| |
Fanatics and Suicide Attacks | |
| |
| |
| |
Case Studies | |
| |
| |
Confessions of a Berkeley System Mole | |
| |
| |
Knights of the Realm (Forensics) | |
| |
| |
Ken Thompson Cracks the Navy | |
| |
| |
The Virtual Machine Trojan | |
| |
| |
AOL's DNS Change Fiasco | |
| |
| |
I'm Innocent, I Tell Ya! Cracking with a Laptop and a Pay Phone | |
| |
| |
Take a Few Cents off the Top | |
| |
| |
Nonprofit Organization Runs Out of Luck | |
| |
| |
Persistence with Recalcitra | |